Abstract- In this paper, an approach to design a real-time
cryptography system for transferring vital signals is presented.
The cryptography requirement is dictated by patient privacy.
The system is divided into five main parts, namely symmetric
encryption algorithms, key-exchange algorithm, hash function,
communication protocol and display. The implemented
algorithms are chosen based on parameters such as encryption
speed, level of security and complexity. The key-exchange
algorithm presented in this paper is based on the Diffie-Hellman
key exchange protocol, while the SHA-1 hash function has been used
as a component of authentication. A private message combined
with the Diffie-Hellman key is hashed to authenticate both parties.
Finally, a communication protocol has been proposed for the
system.

I. Introduction

With the rise of information technology, computers play an
important role in everyday life, including handling of
emergency cases. But transmission of medical data requires
ensuring that this data is kept confidential, while the other
requirement is authentication. Privacy ensures that
transmitted messages cannot be read or modified, while
authentication allows each party to ascertain the identity of the
other. Cryptography has done an excellent job in solving both
problems.

The aim of this project is to develop software running in the
Microsoft Windows environment to encrypt and decrypt the
biopotentials in real-time while providing authentication.

II. Methods

A. System Architecture

The whole system can be subdivided into the following parts:
signal acquisition, setting up a secure communication channel,
transferring and displaying the signal. In this project, three
different personal computers (PCs) are utilized to simulate
different hardware devices in the system (fig. 1).

Fig. 1. System configuration based on three PC modules

Bio-signals are usually acquired from a vital signs
monitor/recorder, e.g. an ECG monitor. In this project, we
simulated the source of vital signals by a transmitting PC via
a serial RS232 link. In fig. 1, the “Encryptor PC” and
“Decryptor PC” take care of authentication as well as
cryptography during transmission. The receiver PC
(“Decryptor PC”) deciphers data before displaying it on the
monitor. The connection between these PCs is a 100 Mbps
Ethernet.

LabView (National Instruments, Inc) and the concept of
Virtual Instrument (VI) are used as a programming
environment to acquire and display signals. The cryptography
program itself is developed using the C language.

B. Authentication & Cryptography

Among the various algorithms used in this work [1]-[3], only
one is elaborated here: the Diffie-Hellman key-exchange
algorithm [4] is employed for key exchange purposes. This
protocol allows two parties that share a common public key and
generator to agree on a new set of public key and generator
when they start communicating.

As a public key in this protocol, a large prime (1024-bit) is
used. This key is generated using Rabin-Miller prime
generation [5].

The Secure Hash Algorithm revised version [6] (SHA-1) is
used in this project as a message digest algorithm.

The overall operation of the authentication and cryptography
sequences is shown in Fig. 2. For simplicity, Alice and Bob
represent the two parties willing to communicate over an
insecure channel.

After the authentication stage is terminated, the normal
Diffie-Hellman key-exchange algorithm is applied to get the
session key. We can now use the session key to encrypt
and decrypt messages between the two parties (Alice and
Bob in fig. 2).
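
The two steps described above (Rabin-Miller generation of the prime, then a Diffie-Hellman run in which each side hashes a private message together with the Diffie-Hellman value) can be sketched as follows. This is an added example, not the authors' C program: the tag layout, the role labels, generator 2, the hashed key material and the `mitm` switch are assumptions, and SHA-1 appears only because the paper uses it.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=40):
    """Rabin-Miller: False means composite, True means probably prime."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:                  # write n - 1 = d * 2**s with d odd
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)   # random base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False               # this base proves n composite
    return True

def generate_prime(bits=1024):
    """Draw random odd candidates with the top bit set until one passes."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def tag(role, private_msg, shared, p):
    """SHA-1 over a role label, the private message and the DH value (assumed layout)."""
    z = shared.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha1(role + b"|" + private_msg + b"|" + z).digest()

def handshake(p, g, alice_msg, bob_msg, mitm=False):
    """Both parties in one process; returns key material, or None on a bad tag."""
    a, b = (secrets.randbelow(p - 3) + 2 for _ in range(2))  # private exponents
    A, B = pow(g, a, p), pow(g, b, p)                        # public values
    if mitm:   # modelled tampering: both public values replaced in transit
        A = B = pow(g, secrets.randbelow(p - 3) + 2, p)
    k_a, k_b = pow(B, a, p), pow(A, b, p)
    # Each side compares the peer's tag with the one it computes itself.
    bob_ok = secrets.compare_digest(tag(b"A", alice_msg, k_a, p), tag(b"A", bob_msg, k_b, p))
    alice_ok = secrets.compare_digest(tag(b"B", bob_msg, k_b, p), tag(b"B", alice_msg, k_a, p))
    return tag(b"K", b"", k_a, p) if bob_ok and alice_ok else None

if __name__ == "__main__":
    p = generate_prime(1024)           # constructed parameters, generator 2 assumed
    print(handshake(p, 2, b"private message", b"private message").hex())
    print(handshake(p, 2, b"private message", b"private message", mitm=True))
```

Because the tag covers the Diffie-Hellman value as well as the private message, the run fails both when a party does not know the message and when the public values were altered in transit.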

C. Communication Protocol

The Diffie-Hellman key-exchange program is installed in
both encryptor and decryptor PCs and started
automatically.

The two PCs will go through the Diffie-Hellman
key-exchange algorithms as described above. Once the session
key is successfully established, the program will be
minimised and data encryption is systematically done
before transmission.

The second phase of the program activates a remote
control software (NetOp, from DanWare Data A/S) in
order to transmit and receive files. All these functions are
achieved by using the ability of NetOp scripting and
through NetOp OCX modules. The overall operation for
data transfer and is shown in fig. 3.

Fig. 3. Proposed communication protocol


D. Data Display

A local VI checks for the availability of a new data file and
displays the ECG signal upon receipt of this new file.

E. Hardware Platform

For this system, 3 PCs are used in the laboratory
environment. In the future, a single-board computer will
replace the “Encryptor PC” which will be used at the
accident area to communicate with the PC at the hospital.


Conclusion

This project is an early stage of development of a
telemedicine project to be deployed in accident and
emergency units. The system is intended for
commercialisation once completed. However, some
limitations have to be addressed: file transfer is used to
send data. Due to this limitation, we are introducing some
delay to the system. Work currently in progress is
addressing these issues.